MS Graph - team create API returns 403 Forbidden error without proper error message

Wolken Software Ltd 0 Reputation points
2023-07-28T19:24:34.6533333+00:00

I have a single-tenant Azure app and I have all the required permission for creating an MS team via the app, and The API was working fine with the multi-tenant App earlier, but the same code is not working for the single-tenant app registered user; Please let me know if I am missing anything here; I am using organization tenant uri in my authn and authz calls for the single tenant.

Error Response User's image

API Permissions:

User's image

Decoded user's token

User's image

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
3,318 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
9,926 questions
Microsoft Teams Development
Microsoft Teams Development
Microsoft Teams: A Microsoft customizable chat-based workspace.Development: The process of researching, productizing, and refining new or existing technologies.
2,750 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Sayali-MSFT 2,256 Reputation points Microsoft Vendor
    2023-07-31T13:03:29.7566667+00:00

    @Wolken Software Ltd - When issuing a request with application permissions, a user must be specified in the members collection.

    POST https://graph.microsoft.com/v1.0/teams
    Content-Type: application/json
    
    {
       "template@odata.bind":"https://graph.microsoft.com/v1.0/teamsTemplates('standard')",
       "displayName":"My Sample Team",
       "description":"My Sample Team’s Description",
       "members":[
          {
             "@odata.type":"#microsoft.graph.aadUserConversationMember",
             "roles":[
                "owner"
             ],
             "user@odata.bind":"https://graph.microsoft.com/v1.0/users('0040b377-61d8-43db-94f5-81374122dc7e')"
          }
       ]
    }
    

    User's image

    If you are using the unattended client credentials flow to obtain an access token, then you must specify the user in the member collection.


  2. CarlZhao-MSFT 34,616 Reputation points
    2023-08-01T03:13:35.17+00:00

    Hi @Wolken Software Ltd

    Make sure the target user has an O365 license, which is required to create a team.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.